Cybersecurity and Countermeasures at the Time of Pandemic

With the emergence of one of this century’s deadliest pandemics


Introduction
Humanity has been suffering from several diseases and epidemics since the early days. However, the volume and prevalence of these diseases have not increased dramatically over the past decades, as is happening recently. This noticeable shift in recent times is the result of multiple factors, where geography and widespread trade could be among the reasons for pandemic spread. In these early years, malaria, tuberculosis, leprosy, flu, smallpox, and more appeared first [1].
In the last decades, several epidemics have spread. The most prominent of which are new types of influenza,  Figure 1 shows the epidemic's history starting from 430 BC to date. The figure shows the epidemic time, the epidemic name, and the number of death cases [2,3].
Researchers use a simple tracking measure of a disease known as the reproductive number, named R0 or "R naught." This number indicates how many other people, in turn, will be infected on average by each infected person. Such a measure can be seen in Figure 2, which shows how many people were infected from a single person. As shown, measles is at the top of the list, where R0 is within 12-18, which makes it the most contagious. This suggests that a person infects on average 12 to 18 other persons from his circle. While measles is considered the most virulent, immunization efforts reduced its propagation.
However, even though the scientists are very close to a vaccine, it is very complex to predict the true impact of COVID-19 [4]. In addition, no vaccine has been discovered yet. Such epidemics cause panic and anxiety in the world due to death acceleration among those who are infected and the number of people infected every day [5,6]. Such pandemics cause the stock markets to collapse as well as other world's finance, business, and investment, which may bring down the economies of those infected countries. Also, its continued spread among countries shakes global stability and incurs huge human losses. This puts a heavy burden on the global economy that may take years to recover from. However, while the world focuses on the health and economic threats that COVID-19 poses, cyberthreats increase during these times, as the environment is well suited for cybercriminals to strike. Cybercriminals around the world undoubtedly take advantage of this crisis [7]. The motivation of this work is to record the malware activities at the time of the pandemic, especially COVID-19. In addition, at the time the world is busy with treating the people and their health, this paper reports people's behavior in terms of security, either computer security or physical security. This paper also introduces different countermeasures that are used by the IT administrations to avoid security violations at the time of the pandemic. The contributions of this paper are as follows:
(i) This paper investigates the recent malicious cyberattacks during the COVID-19 pandemic and how COVID-19 impacted the cybersecurity threat landscape so far.
(ii) It reports the history of the pandemics and their effect.
(iii) This paper draws some conclusions about physical security and the people's behavior during the time of the pandemic.
(iv) This paper draws some recommendations to organizations and individuals that can be applied to reduce the risk of being impacted.
(v) This research is considered, to our knowledge, the first research to report and survey the cyberattacks at this short period of time, where collecting the cybersecurity information was a very hard job. Therefore, the main sources of information reported in this paper depend on trusted organizations, accurate news, and available research articles.
(vi) This paper surveys the different countermeasures for the different cybersecurity attacks reported in the paper.
This paper is structured as follows. Section 2 describes the regular cybersecurity attacks and their classifications in regular times. Section   Journal of Advanced Transportation cybersecurity at the time of COVID-19 as "Cybersecurity Pandemic." The cybersecurity countermeasures and some of our recommendations are discussed in Section 4. The paper is concluded with the "Conclusion" section.

Cybersecurity Attacks
This section provides a brief description of the regular attacks that will be discussed in this paper. Figure 3 shows the classification of cybersecurity attacks, which are composed of four categories of attacks.

Flow Control Attack.
Flow control attack means changing the predefined control flow of an application to achieve the attacker's goal. One of the earliest flow control attacks is the code injection attack, where machine code is written into the program's memory and a bug is exploited to redirect the main program to the injected code. This attack can be mitigated by using the so-called W⊕X protection technique, which ensures that memory is writable or executable (but not both). The other type of flow control attack is a code reuse attack, in which a software flaw is used to weave control flow to a malicious end through an existing codebase. For instance, the return-into-libc technique (RILC) is a relatively simple code-reuse attack that compromises the stack and transfers control to an existing libc function. It is often used to call system() to launch a process or to create a writable, executable memory area to bypass W⊕X [8].
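Whether W⊕X actually holds for a running process can be checked from its memory map. The following is an added example, not code from the original paper: it parses text in the Linux /proc/<pid>/maps format and reports every mapping that is writable and executable at the same time; the sample map and all function names are constructed for illustration.

```python
import re
from typing import List, NamedTuple


class Mapping(NamedTuple):
    start: int
    end: int
    perms: str   # e.g. "r-xp"
    path: str    # "" for anonymous mappings


# Line format of /proc/<pid>/maps:
#   start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+\S+\s+\S+\s+\S+\s*(.*)$"
)

# Constructed sample (not taken from a real process). The third mapping is an
# anonymous region that is writable AND executable, which W^X forbids.
SAMPLE_MAPS = """\
55d0c4a00000-55d0c4a21000 r-xp 00000000 08:01 131090 /usr/bin/demo
55d0c4c20000-55d0c4c22000 rw-p 00020000 08:01 131090 /usr/bin/demo
7f2a10000000-7f2a10021000 rwxp 00000000 00:00 0
7f2a1c400000-7f2a1c5c0000 r-xp 00000000 08:01 262200 /usr/lib/libc.so.6
7ffd3a1e0000-7ffd3a201000 rw-p 00000000 00:00 0 [stack]
"""


def parse_maps(text: str) -> List[Mapping]:
    """Parse maps text into Mapping records, skipping malformed lines."""
    mappings = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        start, end, perms, path = m.groups()
        mappings.append(Mapping(int(start, 16), int(end, 16), perms, path.strip()))
    return mappings


def wx_violations(mappings: List[Mapping]) -> List[Mapping]:
    """Return mappings that are both writable and executable."""
    return [m for m in mappings if "w" in m.perms and "x" in m.perms]


def executable_stack(mappings: List[Mapping]) -> bool:
    """True if the stack is executable (the classic code-injection target)."""
    return any(m.path == "[stack]" and "x" in m.perms for m in mappings)


def audit(text: str) -> List[str]:
    """Produce one human-readable finding per W^X violation."""
    findings = []
    for m in wx_violations(parse_maps(text)):
        size_kib = (m.end - m.start) // 1024
        name = m.path or "[anonymous]"
        findings.append(f"{m.start:#x}-{m.end:#x} {m.perms} {name} ({size_kib} KiB)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_MAPS):
        print("W^X violation:", finding)
    print("executable stack:", executable_stack(parse_maps(SAMPLE_MAPS)))
```

A clean result only rules out injected code running from writable memory; the libc mapping stays executable by design, which is why code-reuse techniques such as RILC are not stopped by W⊕X alone.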

Injection Attack.
In the injection attack, an attacker provides a program with untrusted input. This input is processed as part of a command or query by an interpreter. In turn, this alters the execution of that program. Injection attacks are not new attacks, but they are categorized among the oldest and most dangerous web-based attacks. They can result in data theft, data loss, data integrity loss, denial of service, and complete system compromise. The injection attacks could be further classified into malware, false data, and sabotage:
(i) Malware, or "malicious software," is any malicious program or code that is harmful to systems. Hostile, disruptive, and deliberately irritating malware seeks to penetrate, destroy, or disable a device's operations, sometimes by taking part in the control of servers, operating systems, networks, tablets, and mobile devices. It interferes with normal functioning, as does human flu [9].
(ii) False data is the attack that targets measurements as well as data in various systems; one clear example is the power system, where the false data attack tries to disrupt the system's normal operation [10].
(iii) Sabotage is a deliberate attempt to undermine a policy, initiative, or organization by subversion, obstruction, disturbance, or destruction. This could be through memory corruption, through crashing a machine or software, or even through the electromagnetic pulse.

Information Leakage Attack.
Information leakage means disclosing information unintentionally to end users to breach the application security. Information leakage attack is divided into side-channel attacks and encryption key bypass:
(i) Side-channel attacks (SCAs) aim to extract secrets from a chip or system by measuring and analyzing their physical parameters. These attacks are a major threat to cryptographic system modules because many SCA techniques have successfully breached a cryptographic operation (for instance, encryption) that is algorithmically robust and obtained the secret key. SCAs could be unintentional or intentional or data-driven [11].
(ii) Encryption key bypass is the second type of information leakage attack, and it happens through phishing or insider attacks [12].
different shapes, but the most important method is flooding [13,14].

Cybersecurity Pandemic
Cybersecurity at the time of COVID-19 is also considered another pandemic, where many attacks are launched in a very short time. Although the whole world is busy with this pandemic and searching for a cure, cybersecurity crimes have increased these days. Figure 4 illustrates the infographic of the worldwide cybersecurity crimes during the COVID-19 pandemic. There has been an increasing interest in cybersecurity since the COVID-19 pandemic started.
This section classifies the cybersecurity threats and attacks based on the documented reported cases at the time of COVID-19. Figure 5 shows the classifications of the different recent cyberattacks during the COVID-19 pandemic, and the details are described in the following sections. Also, Table 1 shows the cybersecurity attack types and related references.

Working from Home Malicious Cyberthreats.
The COVID-19 pandemic caused many citizens to work from home for the first time. Working from home has other cybersecurity threats, such as intentional cybercrime. When any personal computer or mobile phone is compromised, unauthorized access to the stored information can have a devastating effect on personal, emotional, financial, and working life [15]. Figure 6 classifies the different types of working from home threats. In the following sections, major working from home threats are discussed.
3.1.1. Unsecured Home Networks. As part of controlling the spread of the coronavirus (COVID-19), several organizations have encouraged or forced their staff to work from home. This presents new cybersecurity challenges that must be managed. During the pandemic, almost all employees are connected through their home network, which is not as secure as their work network; therefore, they are exposed to risks. Home networks, as well as home machines, often lack the security measures that are in place in the company network, such as the following:
(i) Antivirus Programs. Antivirus solutions allow the detection of malicious code. A successful antivirus system will always determine whether a file contains suspicious activities, avoiding destruction or stealing of information [17].
(ii) Firewalls. A firewall is a network traffic control protection tool. Firewalls generally process network traffic from the Internet to a specific system and may function in two separate ways: permit all network packets and block only suspicious ones, or deny all packets and accept only those which are considered appropriate [18].
(iii) Intrusion Detection Systems (IDSs). IDS means monitoring the network traffic patterns and analyzing such traffic to detect any intrusion to the system. The IDS works by comparing the network activity to a defined database of vulnerabilities and their range of activities, such as violations of protection policies, ransomware, and port scanning [19].
(iv) Intrusion Prevention System (IPS). It represents a shield between the outer environment and the internal network. It is a proactive system that rejects network traffic according to the vulnerability profile [19].
new challenge is defined, which is the employee's ability to learn new technologies. In addition, they might not be able to ask an office workmate for help, as they normally do. So, it should be checked how staff are coping, not just how to use new technologies but also how they are adapting to having to work in a very different environment [20].
(ii) Less Functionality. The software and application programs used at home may have fewer features and capabilities than the office software.
(iii) Productivity. The previous two factors may directly affect the throughput, and in the worst case, some tasks may be unachieved or canceled or may not be accomplished within the deadline limits.

Personal Devices.
When working from home, employees usually use their personal devices; most probably, they feel more comfortable using them. However, personal computers or laptops are very likely to exist. Therefore, the following risks might be in place [20]:
(i) Lack of Performance. Organizations often use high-performance workstations with higher processing power and memory storage capacity than personal computers, laptops, or mobiles.
(ii) Usage of Untrusted Programs. They expose data to different threats that might lead to data loss or to improper operations and processes, which increases the risk of potential malware.

Unauthorized Access.
It is an important problem that arises from working at home. The attackers continue to attempt to access the system without any authorization. The following threats may apply:
(i) Penetration of Employee Accounts. Many organizations had rapidly deployed new infrastructures not used before and created new employee accounts to get access. Most employees choose simple passwords, which might lead to privacy breach or system vulnerability. The most common passwords reveal how repetitive users are and how unaware they are of potential security threats. The UK's National Cyber Security Center (NCSC) breach analysis showed that, worldwide, 123456 is used as a password by 23.2 million victims' accounts.
(ii) Penetration of Corporate Systems. Due to the pandemic, many organizations deployed new network infrastructure rapidly to cope with the work from home environment. Malicious cyber actors are leveraging a number of established vulnerabilities on VPNs and other remote work devices and applications to take advantage of this transfer to work from home. Due to the rising number of organizations and people using online communication tools, such as Zoom and Microsoft Teams, malicious cyber actors hijack online meetings, teleconferences, and online courses that have been established without security controls (e.g., password).

Irresponsible Behaviors.
Here, the recommended security policy could be violated when employees work from home and follow irresponsible behaviors such as [22] the following: (i) Untrusted Connections. Some of the employees work from outside of their home using public Wi-Fi networks, which are considered as a perfect entry point for system attack and data theft. (ii) Unauthorized Monitoring. Employees who are working at home may be susceptible to unauthorized monitoring from untrusted personnel such as a spiteful neighbor and spy.
(iii) Employee Priorities. When working from home, employees have different priorities where exceptional family care needs impact personnel availability.

Social Engineering Attack.
The social engineering attack is another type of cybersecurity threat, where malicious cyber actors use foundational social engineering techniques to get a person to perform specific acts. Those actors leverage human characteristics such as interest and anxiety regarding the coronavirus pandemic to persuade possible victims to [23] the following:
(i) Click a Link or Download an App. Clicking a link may lead to a phishing website or downloading malware. For example, during the pandemic, an Android application has been developed that claims to be an actual coronavirus outbreak tracker. Attackers aim to trick the user into giving administrative access to the "CovidLock" application, whereupon ransomware is installed on their systems.
(ii) Open a Malware-Containing File. This comes from opening an email attachment with phrases related to COVID-19 updates or new medication. Malicious cyber actors spoof the sender so that the email appears to come from an authentic person or entity, such as the WHO, or a person at the WHO with the title "Dr." In many cases, the actor sends phishing emails with links to a fake login page. Another example would be an email that appears to originate from the human resources (HR) department of a company with an attachment for the recipients to open. These emails include Coronavirus file attachments or related COVID-19 issues such as "President discusses the budget savings due to coronavirus." These may be called malicious file attachments with malware payloads [28]. The uptick in socially engineered cyberattacks mainly targets financial and personally identifiable information (PII) data [23].

Ransomware Attack.
Ransomware is a type of malicious money-extorting attack. In general, the malware operates by disabling the whole operating network or by encrypting a user's data, so that the user has to pay to regain access to it. Attacks by ransomware are primarily aimed at large organizations because they have a large volume of data and are ready to pay for it.
Bitcoin has become one of the most popular currencies demanded by attackers as payment because of its anonymity and transaction speed. Ransomware is considered a serious challenge to every type of business, not only by locking the data from access but also by selling the information if the user does not pay the ransom. Normally, loss of life is not expected in these situations [29,42].
However, if an intruder reaches the health care system during a health disaster all around the planet, severe human casualties may be incurred. COVID-19 and ransomware give hackers a unique, versatile platform for attacks. Medical services are more critical than ever and are often easy malware targets. The criminals are certain that the health organizations are going to pay the ransom when clinics, emergency facilities, and public institutions are attacked, since they are overloaded by health problems and cannot afford to shut down their networks. It may be an entire tragedy during a pandemic.
Interpol also alerted hospitals and medical institutions that during heightened fear and communication in the medical environment, they are at risk of being attacked by ransomware attackers. Combined with the well-known fact that IT systems are often badly outdated, it is possible that today's medical facilities run software with a known exploit. Attackers take advantage of this situation by
(i) Running ransomware attacks faster
(ii) Recruiting others to maximize their impact
(iii) Ransomware-as-a-service is utilized effectively on the dark web
Since the rate of ransomware attacks is increasing, especially during the COVID-19 time, the following sections introduce several incidents of ransomware attacks.

A Food Delivery Service in Germany Faced a Bitcoin Ransom Attack.
The COVID-19 pandemic forced Germany to take severe actions, implementing severe restrictions on the restaurant industry. As a result, German citizens have become more dependent on the delivery services that are still operating. One is Liefrando, which supplies food from over 15,000 restaurants. Cyberattackers have launched a ransomware attack on the German food delivery company "Takeaway.com" (Liefrando.de). Food orders were received but could not be processed; consumer refunds were to be issued by Liefrando.
This can cause certain companies to pay cybercriminals or invest in security systems for sophisticated threats [33].
Liefrando tweeted that orders that were paid online and not delivered due to the system attack will be refunded as soon as possible and that the situation is being repaired, as shown in Figures 7(a) and 7(b).

Coronavirus Vaccine Test Lab Attacked by Maze Ransomware.
In London, cyberattackers using Maze Ransomware attacked the business Hammersmith Medicines Study (HMR) and leaked thousands of patients' personal details. The company involved is reported to have carried out testing to develop the Ebola vaccine as well as medication that could cure the disease of Alzheimer's and had been on hold until they were targeted with Maze malware to carry out research on possible coronavirus vaccines.
The HMR reported that their IT department discovered the attack on 14th March 2020, but they were able to restore both services effectively by the day's end [43].
On 21st March 2020, the attackers reported tens of thousands of patients' information between the ages of 8 and 20. Medical records, copies of passports, driving licenses, insurance details, and more were compromised. HMR Managing Director and clinical manager and the doctor confirmed that they do not wish to pay the ransom: "I would rather quit company instead of charging a ransom to these men." Criminal users also use the RaaS model (Ransomware-as-a-service), which provides certain crooks, named affiliates, with malicious technology. The members are liable for distributing the initial ransomware and eventually paying the malware developers. The attack is most commonly committed by spam mail campaigns and RDP (Remote Desktop Protocol) attacks.
Therefore, hospitals may be attacked by mistake merely because malicious actors target their victims through network vulnerability rather than names of the organization [43].

Ransomware Strikes a Biotech Firm Researching Possible COVID-19 Treatments.
When the COVID-19 pandemic had spread through the US, hackers targeted a biotechnology firm headquartered in California that produces instruments that researchers use to learn about coronavirus. The organization is part of an International Alliance that is currently sequencing cells from COVID-19 patients to see whether the disease's cure is feasible. A financial disclosure form submitted in the United States by 10x Genomics Inc. to the Securities and Exchange Commission confirmed it had experienced a suspected ransomware attack involving the hacking of client details. The organization restored regular activities with "no direct day-to-day effect" and stated that it collaborated with law enforcement to examine the violation [44].
Biotech Firm 10x Genomics Inc. had also been targeted by a REvil team using ransomware from Sodinokibi, as shown in Figure 8. The attack had been disclosed by the organization in its SEC report on 1st April. On an ".onion" website, a screenshot of the folder directory was reported on the attacker's domain (called REvil), which stated "We extract 1 TB of data from your secure disk "/netapp/scada." We will publish the first portion in three days if you do not e-mail us. It's CYA." [44].
Figure 7: "Liefrando.de" food supplier tweets [33]. (a) "Liefrando" tweets for refunding orders. (b) "Liefrando" tweets for repairing the situation and accepting orders only.

Phishing Attacks.
During COVID-19 time, the attackers send different emails or SMS messages with false claims such as having a "cure" or encouraging donation. Like other phishing schemes, these emails and SMS use real-world problems to try to manipulate people into clicking. The scam messages (or phishes) can be very difficult to detect and are intended to get people to react without thinking [45]. Phishing attacks could be classified into three basic types: SMS phishing, email phishing, and phishing scams. These types will be discussed in detail in the next sections.

SMS Phishing.
Most attempts at phishing occur via email, but the National Cyber Security Center (NCSC) has identified some attempts to do phishing with text messages. Historically, SMS phishing has used cash rewards as part of the appeal, including grants and rebates (such as a tax rebate). Coronavirus-related phishing continues to target the pandemic's financial theme, especially financial support services [46]. SMS messages, for example, use the UK government theme to gather username, address, name, and bank details from victims. The SMS messages from "COVID" and "UKGOV" link directly to the phishing website. Figure 9 presents this example of malicious messages that can come in other ways than by email. Besides SMS, WhatsApp and other message services are also included as possible channels. In their phishing campaigns, malicious cyber actors are likely to continue to use financial issues. In particular, new government-assistance programs to respond to COVID-19 will probably be used as topics for phishing campaigns [34].

Phishing Emails.
Because of the latest coronavirus condition (COVID-19), computer criminals send emails pretending to have a "cure" to the infection, offer financial rewards, or persuade the victim to donate. Like other phishing schemes, such messages play on real-world issues to try to get you to click the provided phishing link. Some of the examples of phishing emails include coronavirus updates, new confirmed cases, outbreaks, and emergency services. Such emails may contain an invitation to an individual to access a URL that is used by malicious cyber actors to steal sensitive details such as usernames and passwords, credit card information, and other personal data, as shown in Figure 10 [47].
The Australia Post reported, as shown in Figure 11, a COVID-19 phishing email that was impersonating them on Thursday, 19th March 2020. The purpose of this email was to mislead the recipient to access a website that collects Personal Identifying Information (PII) under the illusion of offering advice on travels to countries with COVID-19-verified cases. If the cybercriminals have acquired the PII, they frequently open bank accounts or credit cards on behalf of the victim, using illicit funds to purchase expensive goods or convert money through failed cryptocurrencies, including bitcoin [48]. Figure 12 shows one of the COVID-19-themed phishing emails, where the sender pretends to be one of the well-known health organizations inviting the recipients to access new information about the COVID-19 virus in their local areas through clicking on a given link [48]. COVID-19 phishing emails containing fake Word documents and other attachments that include hidden computer viruses have also been reported by the Advanced Cyber Security Center (ACSC). Throughout this case, the phishing email pretends to be from the WHO and calls on the receiver to open the attachment. The attached file, when opened, includes malicious software that immediately gets installed on the recipient's computer and allows a malicious agent permanent exposure to certain forms of malware, including spyware or customized contact details (in order to attack acquaintances, the family, and other scams), as shown in Figure 13 [48].

Phishing Scams.
The scam messages, or "phishes," are intended to make the person respond without thought and can be quite difficult to spot. Cybercriminals often create a variety of schemes targeted at a growing number of marginalized people. The ACSC was made aware of an international scam that invites people as casual employees or volunteers to help the "Coronavirus Relief Fund." Applicants are advised to accept the provision of donations for social programs of COVID-19. In reality, people who have been innocently caught up in this scam turn into money mules for cybercrime syndicates, transferring criminal gains into untraceable cryptocurrency. Australians were similarly attacked [49].
On 20th March 2020, Advanced Center for Computing and Communication (ACCC) alerted Australians of a phishing email that asks them to fill an attached form to get $2500 as COVID-19-assistance payments. The attachment contains an embedded macro, which installs malware on the recipient's computer. People are advised not to open the attachments and just delete the document if such phishing emails are received, as illustrated in Figure 14 [48].
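The traits these sections attribute to COVID-19 phishing mail (a spoofed WHO or Australia Post sender, pandemic-themed wording, a link that leads somewhere other than it says, a macro-capable attachment) can be turned into a simple mail triage check. The sketch below is an added example, not part of the original paper; the brand-to-domain allow-list, the keyword list, the finding labels, and the sample messages (which use the reserved `.example` domain) are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list: display-name brand -> domains it legitimately sends from.
BRAND_DOMAINS = {
    "world health organization": {"who.int"},
    "who": {"who.int"},
    "australia post": {"auspost.com.au"},
}
LURE_TERMS = re.compile(r"covid|coronavirus|cure|relief fund|assistance payment", re.I)
MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".doc", ".xls")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_matches(host, allowed):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def triage(msg):
    """Return the list of phishing indicators found in one message."""
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    for brand, domains in BRAND_DOMAINS.items():
        claims_brand = re.search(rf"\b{re.escape(brand)}\b", display, re.I)
        if claims_brand and not domain_matches(sender_host, domains):
            findings.append("spoofed-brand-sender")
            break
    body = ""
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html") and not part.get_filename():
            body += part.get_content()
    if LURE_TERMS.search(msg.get("Subject", "") + " " + body):
        findings.append("pandemic-lure")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text, re.I)
        if not shown:
            continue
        shown_domain = re.sub(r"^www\.", "", shown.group(0).lower())
        if not domain_matches(urlparse(href).hostname or "", {shown_domain}):
            findings.append("link-text-mismatch")
            break
    if any((p.get_filename() or "").lower().endswith(MACRO_EXTS) for p in msg.walk()):
        findings.append("macro-capable-attachment")
    return findings


def build_sample(sender, link_host, attachment=None):
    """Build a constructed test message; nothing here is a real captured email."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, "staff@corp.example"
    msg["Subject"] = "Coronavirus updates: new confirmed cases"
    msg.set_content("See the HTML part.")
    msg.add_alternative(
        f'<p>Sign in at <a href="https://{link_host}/update">www.who.int</a></p>',
        subtype="html")
    if attachment:
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg
```

A pandemic-themed subject alone also fires on legitimate health bulletins, so it is the combination with a sender, link, or attachment indicator that should drive quarantine decisions.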

Denial of Service (DoS) Attack.
Denial-of-Service (DoS attack) is a computer attack in which the attacker attempts to momentarily or permanently make the services or Internet resources inaccessible to their intended users. Service denial is usually accomplished by flooding the target system or resource with superfluous requests with the intent of overloading it and blocking the fulfillment of any or all valid requests [16]. In a distributed denial-of-service attack (DDoS attack), the incoming traffic that reaches the target originates from several separate sites. Distributed denial-of-service attacks are aimed at websites and online services. The aim is to maximize traffic across them, rather than to enable the server or network to run. The goal is to make the website or service inoperative [16].
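The difference between a single-source flood and a distributed one matters for detection: a per-source rate limit catches the first but not the second. The sliding-window detector below is an added example, not from the original paper; the baseline rate, thresholds, class and function names, and the synthetic traffic are all assumptions chosen for illustration.

```python
from collections import Counter, deque


class FloodDetector:
    """Classify traffic in a sliding time window as normal, DoS, or DDoS."""

    def __init__(self, window_s=10, baseline_rps=50.0, surge_factor=5.0,
                 dominant_share=0.8):
        self.window_s = window_s
        self.threshold_rps = baseline_rps * surge_factor  # aggregate alarm level
        self.dominant_share = dominant_share              # share that marks one source
        self.events = deque()                             # (timestamp, source)

    def observe(self, ts, source):
        """Record one request and return the current classification."""
        self.events.append((ts, source))
        while self.events and self.events[0][0] <= ts - self.window_s:
            self.events.popleft()
        return self.classify()

    def classify(self):
        rate = len(self.events) / self.window_s
        if rate < self.threshold_rps:
            return "normal"
        counts = Counter(src for _, src in self.events)
        _, top_count = counts.most_common(1)[0]
        if top_count / len(self.events) >= self.dominant_share:
            return "dos-single-source"
        return "ddos-distributed"


def sources_over_limit(events, window_s, limit_rps):
    """Count sources a naive per-source rate limit would block."""
    counts = Counter(src for _, src in events)
    return sum(1 for n in counts.values() if n / window_s > limit_rps)


def synthetic(rate_rps, n_sources, seconds):
    """Constructed traffic: evenly spaced requests rotated over n_sources labels."""
    total = rate_rps * seconds
    return [(i / rate_rps, f"src-{i % n_sources}") for i in range(total)]


def replay(events, **kwargs):
    """Feed events to a fresh detector and return the final classification."""
    detector = FloodDetector(**kwargs)
    verdict = "normal"
    for ts, src in events:
        verdict = detector.observe(ts, src)
    return verdict


if __name__ == "__main__":
    for label, ev in [("everyday load", synthetic(20, 50, 10)),
                      ("one noisy host", synthetic(400, 1, 10)),
                      ("many quiet hosts", synthetic(400, 2000, 10))]:
        print(label, "->", replay(ev),
              "| blocked by 10 rps per-source limit:", sources_over_limit(ev, 10, 10))
```

In the distributed case every source stays far below the per-source limit, so only the aggregate rate against a known baseline reveals the flood.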
Institutions that provide public information on the COVID-19 pandemic are the primary aims of such attacks.
of requests for several hours. Extra protection has been implemented by the HHS agency to prevent any future attack. Besides, a continuous monitoring strategy for the network is now in place. This makes HHS and federal networks work normally till the time of writing this article [21].
(ii) Italy's Social Security Website (INPS). Here, attackers were able to force the website to shut down. Therefore, severe disruption to the INPS occurred, as shown in Figure 15.
This cyberattack has disrupted COVID-19 payouts. The cyberattack posed questions regarding the health of the digital network in Italy as it deals with the coronavirus emergency. But the riskiest situation is that a sophisticated cybergroup would exploit any of the vulnerabilities and technological defects of a web application to raise the magnitude of the DDoS and finally demand a ransom for stopping their activities.
This puts Italy's officials in an uncompromising situation, having to choose between two evils: accept the ransom and launch a wave of identical attacks on public infrastructure, or refuse and leave poor citizens unable to seek the financial aid they desperately need. As early as possible, DDoS protectors ought to offer their support to the concerned organizations, or the first big instance is that cybercriminals steal lives away [30].

(iii) Brno University Hospital in Brno, Czech Republic.
Brno University Hospital is one of the Czech Republic's largest COVID-19-testing centers. There was a major disruption to the hospital services due to the cyberattack. The incident was serious enough to put off immediate surgery and move new emergency patients to the neighboring St. Anne's University Hospital. At the incident, the hospital had to close down the entire IT network, and two other divisions, Children's Hospital and the Motherhood Department, were also impacted [24].
(iv) Australia's Online Services Site (myGov). This site has had to confront a massive DDoS attack for many hours, stopping people from accessing it, as shown in Figure 16. The Minister of Health made the announcement after the lockout of thousands of Australians when seeking to access welfare programs. The federal government's online services site "myGov" has suspected a "serious Distributed Denial of Service (DDoS) attack." The online service witnessed a tenfold increase in visitors, from 6000 concurrent users to 55,001 users. Unfortunately, this means the 55,001 users could not access the service, which also highlights that other threats are still around [31].
3.6. Physical Attacks. Several reports and news items say that commercial crime has increased; these reports are summarized in the following statement: "It seems like there are some folks out there looking to be opportunistic." They depend on the fact that people are already in panic mode and need assistance [13,35].
Several physical attacks collected from different countries are presented as follows:
(i) Vancouver. The Vancouver Police Department (VPD) arrested 40 accused thieves in different stealing crimes during a week. These cases threaten the secrecy and privacy of corporate clients' and employees' data besides the corporates' infrastructures. Also, a new phenomenon appeared where three parked cars were hit the same way: the attackers smashed the windows of the three cars. CTV News examined and compared it with the past four weeks four hours before active distancing steps came into practice. Such data indicate that industrial breakdowns increased by 46%, with 85 cases a week over the last four weeks, relative to an average of 58 accidents in the four weeks prior to the start of clear physical separation acts. In downtown Vancouver, the data show that the increase is more evident: it more than doubled, from 15 accidents a week to almost 35 accidents a week [36].
(ii) Burnaby. A surveillance firm monitoring the Big Bend business via closed circuit TV (CCTV) showed the police that a man had broken in and attempted to steal cable. Officers soon had the area surrounded and caught him [37].
(iii) United Kingdom (UK). The surveillance cameras of the UK National Health Service revealed the moment a man stole a bicycle belonging to an employee of the foundation to combat the coronavirus, as shown in Figure 17. The man appeared on the video clip stealing a bike and then took it out through the portal of Leicester Donner Center, according to the metro website [38].
(iv) South Africa. It has been reported by one of the physical security agencies that individuals acting as good citizens distributed free face masks and hand sanitizers. In this way, they can gain access to people's homes and offices. In these cases, cybercriminals believe that people are scared and need to stay secure. The idea of being healthy at present is to use items for cleaning and to keep the house tidy [11,32].
(v) Hong Kong. The police claimed that two armed robbers were captured who robbed 600 rolls of toilet paper outside a grocery store, a warning sign of the panic caused by the outbreak of coronavirus. Local media reported that at about 5 a.m., a truck driver transported the toilet paper rolls to a store in the Mong Kok area. Around an hour later, three men in their twenties, wearing caps and face masks, turned up. One of them threatened the driver with two guns, while the other two put 50 toilet paper packets, or 600 rolls, on a trailer. The toilet paper was eventually discovered in a local hotel, and two suspects were charged [39].
(vi) Spain and Portugal. The police claimed that the masks in Portugal, gloves, and other personal protection equipment (PPE), which were in high demand because of the COVID-19 pandemic, had been stolen from a medical supplies business located in Santiago, Galicia. Throughout the closed factory at a northern city manufacturing park, hundreds of masks had been stacked. But the photographs released in the last days reveal piles of empty boxes in the building that appear to have been ransacked, as shown in Figure 18. Based on the incident, a joint investigation by both Portuguese and Spanish authorities was conducted. The man is believed to be a property company director [40].
(vii) Thailand. Thai police discovered a recycling factory used to repackage used face masks to be sold as new [50].
(viii) Egypt. The Egyptian security forces had launched several campaigns during the past period against the exploiters of the emerging outbreak of the coronavirus, including manufacturers and dealers of unknown medical supplies. There were numerous incidents of seizing the exploiters of the corona crisis, whether for raising prices without justification or for commercial fraud crimes, in light of the Egyptian Ministry of Interior's pursuit since the beginning of the crisis of the spread of the coronavirus [25].
(ix) Giza. Recently, a tailor was arrested because he manufactured medical masks of poor quality and sold them to citizens for illegitimate profits, taking advantage of the crisis of the spread of the coronavirus. He had a thousand medical masks and 2,000 masks in the process of being prepared. In the same context, the investigation of the police department managed to arrest four people in possession of 12,500 anonymous medical masks with the intention of selling them to citizens.
(x) Cairo. A merchant was arrested in possession of 24 medical gel packs for sterilization, 20 disinfectant packages, and 423 masks, of unknown origin, for the purpose of selling and making illegal profits. Similarly, the Security Directorate seized a factory producing unsterile medical masks made from unknown sources, and the owner of the factory was arrested. Inside the factory, they found 100 thousand masks ready for sale and three tons of fabrics for future fabrication. Moreover, a hospital worker was arrested in a car loaded with 13,000 medical masks and 25,000 gloves, which had been manufactured in the previous factory. Figures 19 and 20 show some of the medical supplies that do not conform to the specifications of quality.

Figure 15: Italy's social security website has been forced to shut down [30].

Unethical Attacks and Behaviors.
Fear of the spread of the novel coronavirus and the severe losses it causes, whether in terms of human casualties or the economic crisis resulting from it and the accompanying extremely serious effects on the global economy, has led to a new "global information war" between countries in order to secure the necessary equipment to combat the deadly virus. Figure 21 shows the rate of the abused keywords related to COVID-19. As conditions, losses, and fears worsen, countries are scrambling to take measures to secure the necessary

Countermeasures
This section presents some cyberattack countermeasures followed by some general recommendations for companies, organizations, and users. However, looking at the details of attacks, the types of attacks could be classified according to the defense strategies into software-based, hardware-based, and network-based. Table 2 presents some of the countermeasures for the previously mentioned attacks, which are categorized according to the defense strategies.
Furthermore, there are several technical recommended countermeasures related to COVID-19 cybersecurity attacks. These countermeasures are illustrated in Table 3.

Open Research Issues
This section shows some of the open challenges in terms of security, especially at the time of pandemic, as follows.

Attacks on Privacy.
With the increase of connectivity to the Internet and people forced to work from home, some security measures were ignored. Remote access is implemented through different methodologies. Adversaries take advantage of the situation, having easy access to personal computers as well as to companies' servers. Eavesdropping, traffic analysis, and data mining are common attacks. This is still an open issue to be considered.

Authorization and Access Control.
Authorization is typically implemented through access controls. Both have to be implemented by establishing a secure connection between the end user and the server. With work from home, IT administration is not that effective. Therefore, certain other methodologies need to be implemented for certain situations.

End-to-End Security.
End-to-end security means applying security to the end nodes such as endpoints, personal and company devices. Cryptographic techniques are not sufficient for end-to-end security. Both ends' verification is a must for secure connections.

Physical Security.
It became very clear that physical security at the time of pandemic became a challenge, and regular methods are insufficient to handle critical situations; even surveillance cameras were not enough [53].

DoS Attacks.
DoS attacks became the most dominant attacks, especially on governmental websites that provide emergency services to people. More extreme types of DDoS attacks include a mechanism known as "memcaching," which utilizes vulnerable, open-source object-caching schemes to amplify access requests and inundate sites with more than one terabyte of traffic.

Figure 21: Daily report on newly suspicious domains.

Network-based
(i) IPSec was developed to encrypt IP data. IPSec has been used for several years to create a virtual private network (VPN) between a remote device and a trustworthy network (i.e., a company intranet), which establishes protected connections through the Internet.
(ii) TCP sits above IP to send packets efficiently (i.e., retransmitting missing packets) and to request the packets to be sent initially.
(iii) SSL was designed to provide end-to-end protection between two computers and sits on top of TCP (transmission control protocol), compared with protection at the layer-based protocol only.
(iv) For securing web page access, SSL/TLS is widely used with https.

Software-based
(i) Quantum cryptography is an up-and-coming technology that simultaneously produces two parts of a common, secret cryptographic key by utilizing a quantum state of light [51].
(ii) Continuous risk assessment: no two businesses are identical. This is why each organization has its own risk profile based on its scale, regional structure, market operating environment, etc. Each organization will take a set of measures needed as prerequisites for enforcing security controls, including the detection of threats, weaknesses, and risks, and developing and implementing protection controls that mitigate such risks.
(iii) Depending on the company's assessment of the risk, data could be protected by a password only. For remote access, other sophisticated methods might be required, such as biometric authentication and random PIN.
(iv) To strengthen information protection, it may be useful to record the processes and controls enforced in a formalized set of policies and procedures, maintain a consistent and accurate method of knowledge delivery, and increase employee understanding and engagement.
(v) The best approach to protect data is to remove any records that are no longer required for everyday business purposes. Data backup and archiving must ensure that data are retained as long as is necessary for a particular location (server, unique files, etc.) and excluded from the business network, thus limiting the risk of unauthorized access to confidential information.

Software-based with hardware-based
(i) Cryptography is an important method to secure the data exchanged between users through the encryption of the data such that it can be decrypted only by authorized users with the appropriate keys. The most used mechanism for data protection is cryptography. One of the latest cryptography techniques introduced by the US National Institute of Standards and Technology (NIST) is Advanced Hash Standard (ASH). It is used for applications involving high-speed encryption as a replacement for RSA with a 2048-bit key and where the involvement of the certifying authorities is impracticable [52].
(ii) Companies should ensure that all their infrastructure (hardware and software), including security software (e.g., antivirus programs), is up to date and that new updates are enabled, so that no exceptions occur. It is, therefore, important that businesses ensure that a third-party software agreement is in effect to support maintenance and upgrading services.

Network-based with software-based
(i) A recent field of study in which network professionals and the visualization group need to integrate expertise to map network traffic utilizing improved visualization techniques. Network specialists with extensive technical expertise in networking technologies can also examine the graphic display of the results [26].
(ii) Companies are supposed to ensure that access for leavers, contractors, or any outside parties who have previously requested access to the company's network is adequately restricted and promptly terminated. Manual controls or automated controls should disable domain accounts that have not connected to the network during a given period of time. A broad variety of controls mitigate such risks.
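The two account controls described above (terminating access for leavers and outside parties, and disabling accounts that have not connected for a given period) can be automated as a periodic reconciliation. The following is an added example, not part of the original paper; the CSV export, its column names, the departed list, and the 60-day threshold are all assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export; the column names are assumptions, not a real directory schema.
SAMPLE_EXPORT = """username,enabled,created,last_logon,account_type
alice,true,2019-03-01,2020-04-28,employee
bob,true,2018-07-15,2020-01-10,employee
carol,true,2019-11-02,2020-04-30,contractor
dave,true,2020-01-05,,employee
erin,false,2017-02-20,2019-12-01,employee
vendor-sync,true,2019-06-01,2020-04-29,third_party
"""

def accounts_to_disable(export_text, departed, today, max_idle_days=60):
    """Return {username: reason} for enabled accounts that should be disabled."""
    cutoff = today - timedelta(days=max_idle_days)
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing to do
        user = row["username"]
        if user in departed:
            # Leavers, ended contracts and finished third-party engagements
            # take priority over the inactivity rule.
            findings[user] = "access should have been terminated"
            continue
        # An account that never logged on is aged from its creation date.
        last_seen = date.fromisoformat(row["last_logon"] or row["created"])
        if last_seen < cutoff:
            idle = (today - last_seen).days
            findings[user] = f"inactive for {idle} days"
    return findings

if __name__ == "__main__":
    departed = {"carol", "vendor-sync"}  # constructed HR / procurement list
    report = accounts_to_disable(SAMPLE_EXPORT, departed, date(2020, 5, 1))
    for user, reason in report.items():
        print(f"{user}: {reason}")
```

Accounts that were created but never used are easy to miss when only the last-logon field is checked, which is why the example ages them from their creation date.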

Conclusion
This paper reviews the cybersecurity attacks at the time of the COVID-19 pandemic. It reviews the history of pandemics that the world faced in different time periods. The paper showed that every pandemic has its own spread percentage. It also explores the different types of cybersecurity attacks that appeared before the pandemic. Attacks are classified into flow control, injection, information leakage, and denial of service (DoS). The flow control is extended further to code reuse. The injection type of attacks is extended to false data, malware, and sabotage, where sabotage is shown in various forms such as crash, memory corruption, and physical attacks. The information leakage includes further side-channel and encryption key bypass attacks, while DoS involves flooding attacks. The paper goes beyond the regular cybersecurity attacks to study other newly developed attacks such as working from home threats, social engineering attacks, ransom attacks, and phishing, DoS, unethical, and physical attacks. These attacks are studied in view of the pandemic. Attacks within each type are classified further and explained in detail. Furthermore, the paper introduced a set of countermeasures and recommendations classified according to the defense strategies.
Future work includes the following: (i) Artificial intelligence (AI) and its role in containing the pandemic. Many of the AI techniques have been used recently to detect coronavirus using image processing, coughing, and/or temperature analysis. An investigation into these topics will be beneficial to the security community. (ii) Studying the effectiveness of the current network infrastructure at the time of the pandemic. As mentioned in this paper, the network infrastructure and lack of its security cause a large number of security breaches. Therefore, one of our future directions is to investigate the root causes of threats and attacks related to the network infrastructure. (iii) Detailed analysis of all of the stated malware, including their signatures and their effect. The current attacks and malware have different signatures, and studying such signatures helps in reducing or avoiding their risks. (iv) Studying the effectiveness of the current countermeasures, especially at the time of pandemics. There are many reported cases and steps that were taken by the IT and security specialists; reporting such techniques to the security community will be beneficial. (v) Deep investigation into people's psychology in recent times as well as in previous pandemic periods. Apart from the security, the psychological behavior of people during the pandemic time will be a great help to psychologists.

(iii) If you think your account has already been hacked (you may have received messages sent from your account that you do not recognize, or you may have been locked out of your account), refer to service provider guidance on recovering a hacked account.
(iv) A full antivirus (AV) scan should be conducted to clean up any problems it finds.
(v) If the password was provided, it has to be changed immediately.

(6) Phishing attacks
(i) Carefully handle SMS text messages related to COVID-19, whether the word "COVID-19" is stated in the subject line, attachment, or hyperlink, and be cautious about COVID-19-related calls.
(ii) Before opening an email or SMS, consider who is sending it to you and what they are asking you to do. Calling the organization could be an appropriate way to verify the email or the SMS message.
(iii) Avoid contacting the phone number or replying to the email address stated in the message or that the message came from. It most likely belongs to a scammer.

(iii) Apply file and folder hashes to identify system files and folders that have been compromised.
(iv) Reverse DNS lookup for source address verification.
(v) Applying filters on unnecessary traffic minimizes the DoS attack. Also, you can contact your ISP to filter closer to the source and reduce the bandwidth used by the attack.
(vi) Hardening practices on all computers, particularly servers and directory and resource servers exposed to the public.

(iv) Do not click on emails that you do not expect to receive or that come from an unacquainted sender.
(v) As usual, notify the local police if you suspect that you are the victim of a crime.
(vi) Remote users might need to use software different from what they use in their offices (or use familiar apps in a different way). For these features, you should produce written guides and test that the software operates as described.

(9) Physical attacks
(i) Ensure that staff know what to do if their computer is lost or stolen, such as who to talk to. Encourage users to report losses as early as possible.
(ii) Ensure data encryption at rest, securing computer data if the device is damaged or compromised. Most modern computers include encryption, but it still needs to be activated and installed.
(iii) Report odd activities such as looking through windows of closed shops or attempting to unlock doors.
(iv) Keep windows clear of merchandise, clear all cash from the premises, protect all doors and windows with strong locks, and ensure the alarms, surveillance cameras, and exterior lighting are in proper working order.
(v) Check company premises frequently to ensure that no protective equipment is destroyed or removed.
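The recommendation above to apply file and folder hashes to identify compromised system files can be implemented as a baseline manifest that is compared against the current state of a directory tree. The following is an added example, not part of the original paper; the function names are hypothetical and SHA-256 is an assumed choice of hash.

```python
import hashlib
import os

def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file under root (relative path) to its SHA-256."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record the link target instead of following it out of the tree.
                manifest[rel] = "symlink:" + os.readlink(full)
            else:
                manifest[rel] = hash_file(full)
    return manifest

def compare(baseline, current):
    """Return files added, removed and modified since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def folder_hash(manifest):
    """One digest for the whole tree: hash of the sorted path/hash pairs."""
    digest = hashlib.sha256()
    for path in sorted(manifest):
        digest.update(f"{path}\0{manifest[path]}\n".encode())
    return digest.hexdigest()
```

The baseline manifest is only trustworthy if it is stored where a compromised host cannot rewrite it, for example on read-only media or a separate system.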

Data Availability
No data were used to support this study.

Conflicts of Interest
The authors declare no conflicts of interest.